Global Print Security Landscape, 2019


REPORT NOTE: This report has been written independently by Quocirca. Quocirca has obtained information from multiple sources in putting it together. Although Quocirca has taken what steps it can to ensure that the information provided is true and reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented here, including any and all consequential losses incurred by any organisation or individual taking any action based on such data. All brand and product names are trademarks or service marks of their respective holders.

A global market perspective on print security, 2019
February 2019

The far-reaching financial, legal and reputational implications of a data loss mean that information security is a business imperative. Safeguarding the ever-increasing volumes of valuable corporate data against unauthorised access has become integral to maintaining business operations and adhering to increasingly vigorous data privacy compliance requirements.

For many organisations, their cyber-attack surface area is increasing as connected Internet of Things (IoT) endpoints proliferate. These include both legacy and the new breed of smart printers and multifunction printers (MFPs). Consequently, businesses must take a proactive approach to print security as these print devices can provide an open door to corporate networks. By taking steps to analyse the potential vulnerabilities of print environments, businesses can mitigate risks without compromising productivity.

This report discusses the risks of unsecured printing and recommends best practices for integrating print into an overall information security strategy. It also highlights some of the key offerings by print manufacturers and independent software vendors (ISVs) in the market.

Louella Fernandes
Quocirca
Tel: 44 7786 331924
Email: Louella.Fernandes@Quocirca.com

Quocirca 2019

Contents

EXECUTIVE SUMMARY
SCOPE AND DEFINITIONS
THE PRINT SECURITY THREAT
PRINT SECURITY VULNERABILITIES
PRINT RELIANCE PROVOKES SECURITY CONCERNS
PRINT SECURITY – MATURITY, CONFIDENCE, CONCERN AND SPENDING
PRINT-RELATED SECURITY INCIDENTS, DATA LOSSES AND CONSEQUENCES
PRINT SECURITY CONCERNS, ACTION AND BUDGET CONSTRAINTS
MPS, SECURITY ASSESSMENTS AND OTHER MEASURES
FUTURE OUTLOOK
RECOMMENDATIONS FOR IT DECISION MAKERS
VENDOR PROFILE: HP
APPENDIX 1 – DEMOGRAPHICS
APPENDIX 2 – PRINT SECURITY MATURITY INDEX
APPENDIX 3 – USE OF MANAGED PRINT SERVICES

Executive summary

Data breaches are rarely out of the headlines and compliance pressure, such as the introduction of GDPR, means security remains high on the corporate agenda. Cyber threats and data breaches are no longer the sole domain of the IT department; they must be considered at board level as the repercussions are simply too big to ignore. Businesses of all sizes are potentially exposed to reputational, legal and financial losses as the result of cyber attacks. Due to the increasing sophistication of attacks and the emergence of insider threats, businesses face a battleground to balance business productivity with the need for privacy and security. One area of the IT environment which is often overlooked is the print infrastructure. The majority of organisations rely on print to support business-critical processes, meaning it can be the gateway to valuable, confidential and sensitive information.

Quocirca’s Print Security 2019 report discusses how print security is becoming a greater concern to businesses, with 59% reporting a print-related data loss in the past year. With only 27% classed as print security leaders, it is imperative that businesses become more print security conscious, particularly as they look to close the paper to digital gap in their business processes. This ultimately requires print security to move higher on the C-level agenda.

In response, print manufacturers are elevating awareness of print security risks. Today most offer a diverse range of product offerings encompassing built-in hardware security, print security solutions and comprehensive security and risk assessments.

HP has cemented its lead as a visionary for print security, driving industry standards and offering one of the most comprehensive hardware, software and services portfolios. Nevertheless, most competitors are hot on its heels in developing their print security propositions. Leading players are moving to a secure-by-design approach, where security is built in from the ground up on new hardware.

What is setting the leaders apart in the market is their investment in security services such as assessments, monitoring and analytics. As the threat landscape becomes more sophisticated, machine intelligence will be key in being able to respond to or predict threats. This will enable an organisation to enhance its print security posture and mitigate potential risks.

Key findings:

- Businesses remain reliant on printing. Print will continue to play an on-going role in the business processes of most US and European organisations. 87% expect print to still be important in two years’ time compared to 91% today.
- The dependence on print creates risk. Print is considered to be one of the top security risks to any organisation. 66% rank print in their top 5 risks, second only to cloud-based services at 69%.
- Print security maturity varies. Organisations vary in their capability to ensure the security of their print environment. In Quocirca’s Print Security Matrix, 27% were classed as print security leaders, with 17% as laggards and the rest classed as followers. USA had the most leaders at 36%, UK the least at 18%.
- Businesses are increasing their print security spend. On average 11% of IT security spending goes on specific print security measures. 77% say print security spending is increasing.
- Print related data breaches are frequent and costly. 11% of all security incidents are print related, equating to an average of nine print-related incidents per year. 59% of these lead to data losses, costing an average of 313,000 per annum to deal with. Other impacts include lost productivity and revenue.
- The majority are concerned about malware attacks. There is a perception gap where security risks are concerned. The top perceived security risk is malware, rated as the highest concern by 70%. However, when it comes to actual incidents, the most likely cause is the accidental actions of internal users, which are involved in 32% of incidents.
- The use of a managed print service (MPS) leads to improved print security. Overall 62% of organisations are using an MPS to gain access to print management and security skills which are often lacking in-house. This figure rises to 76% for print security leaders (as measured by Quocirca’s index) compared with just 44% for the laggards.
- Most organisations have conducted a print security assessment. Overall, 70% have carried out an assessment, although only 18% have conducted these in-house. For the rest they are conducted by third parties such as MPS providers or managed security service providers (MSSP).
- The use of print-specific security measures varies. Overall, 51% have a formal print security policy, 48% apply regular firmware updates, 40% use pull printing, 37% use secure mobile printing and 36% third-party device testing.

Scope and definitions

This paper examines the security challenges of operating an unmanaged and insecure print infrastructure. It draws on research carried out by Quocirca amongst 250 enterprises in the UK, France, Germany and the US in December 2018. Alongside the primary research, key vendors in the market participated to provide details of their security offerings.

The print security market is characterised broadly as follows:

- Hardware vendors. All the major vendors, including Canon, HP, Kyocera, Konica Minolta, Lexmark, Ricoh, Sharp and Xerox offer comprehensive portfolios that include built-in hardware security features, access control software and third-party vendor agnostic pull-printing. Some vendors also offer security assessment services either independently or as part of their MPS offerings.
- Third-party ISVs. A range of ISVs offer secure print solutions including (but not limited to) Nuance, EveryonePrint, Papercut, Pharos, Print Audit, Ringdale and Y Soft.
- Data loss prevention. Although vendors in this space are not strictly operating in the print security market, Quocirca believes the capabilities they offer to printing documents based on content analysis offers a higher level of security.

The following vendors participated in this study:

- Hardware vendors: Brother, Canon, HP, Lexmark, Ricoh and Xerox.
- Third-party ISVs: EveryonePrint, Ringdale, Y Soft.

Each vendor was requested to complete a written submission detailing its strategy, capabilities and customer references to capture key facts and figures.

The following definitions are used through the course of this report:

- MFP: an MFP (multi-function printer, or sometimes product or peripheral), multifunctional, all-in-one (AIO), or multifunction device (MFD) combines print, copy, scan and fax functionality. MFPs offer advanced features such as scan-to-email, scan-to-network destinations and are often based on an embedded software platform. This allows software developers to build integrated solutions for MFP devices.
- Pull Printing: pull printing functionality allows a document to be released only upon user authentication using methods such as proximity/magnetic/smart cards or biometric recognition. Users submit jobs to designated pull-printing queues and jobs are moved from the pull-printing queue to the dedicated print queue. Requiring the user's presence at the printer in order to collect print jobs reduces print waste without imposing accounting limits.
- Managed Print Service (MPS): This is the outsourcing of the print infrastructure through a process of assessment, optimisation and ongoing management. MPS comes in many forms, from entry level packages that wrap hardware, service and supplies based on a cost-per-page contract to more sophisticated enterprise engagements that include document workflow, change and continuous management, based on stringent service level agreements.

The print security threat

The continuing digitisation of business processes may prompt expectations of the demise of paper and printing in the workplace. Such views are misplaced. Quocirca’s research consistently shows that businesses remain dependent on print to support business activities. However, the way print is being used, managed and integrated into business processes is changing. Alongside this are growing concerns about the security threats that arise from continued reliance on printing. There are two broad areas of threats: those posed by the documents that print devices produce; and the vulnerability of the print infrastructure itself.

Paper output from printers often includes confidential documents, which can end up in the wrong hands at any point during their lifecycle, for example early on - if left in output trays, or later - if disposed of carelessly. Documents are also a privacy and compliance problem. Instances of documents being sent to the wrong recipient are all too common, especially in sectors like healthcare, where there is still plenty of paper correspondence. Documents destined for printing are also a risk before ink and paper ever meet, as most print devices contain local disk drives to store and queue output.

Although such stored output is one temptation for print infrastructure hackers, it is unlikely to be the primary target. The security threat from print devices is like that of any network-attached device, all of which are increasingly referred to as IoT (Internet of Things) devices. There are three main IoT related threats:

1. The device may be used as a network ingress point. In many cases printers may be poorly secured, firmware does not get updated and access credentials are easily compromised, for example because defaults are never changed or because access is shared between multiple administrators.
2. Second, sabotaging IoT devices may be an easy way to target and disrupt an organisation’s business processes.
3. Thirdly, IoT devices, including printers, may be recruited to botnets which are then used to perpetrate distributed-denial-of-service (DDOS) and other attacks that can benefit from access to lots of free processing power.

Quocirca’s Print Security 2019 market report reveals the key market trends impacting print security in today’s ever expanding threat landscape. It highlights the concerns and levels of confidence around print security and the ways these are being addressed. The report covers both European and US-based businesses ranging in size from 250 employees to many tens of thousands across a range of sectors (see appendix 1).

Print security vulnerabilities

Despite the move to digital communications, many businesses still rely on printing to support key business processes. MFPs are prevalent across businesses of all sizes and as such they are a critical network endpoint that must also be secured. Even behind a firewall, an MFP can be a front door to the network leading to the potential for compromising corporate or customer data.

[Diagram: MFP Security Vulnerabilities]

The potential risks are illustrated in the diagram above. These include:

1. Unclaimed output. Confidential or sensitive information can be collected inadvertently or intentionally by an unauthorised recipient.
2. Latent images on hard disk. All documents whether they are printed, copied, scanned, faxed or stored are processed within the hard disk drive. This can present a risk not only if the device is hacked, but also at the end of life when potentially hard disk data could be recovered.
3. Unauthorised access to MFP functions. If MFP settings and controls are not secure, it is possible to alter and reroute print jobs, open saved copies of documents, or reset the printer to its factory defaults. Potential hackers could also attack print devices to either intercept or download copies of scanned-in documents, emails and user access credentials.
4. Network security risk. Jobs sent to the MFP for printing typically sit unprotected on the server queue. At this stage, the printing queue can be paused and files copied and the queue restarted. In the worst case, a user from the outside can obtain confidential information, or place malware on the device. Open network ports also present a security risk enabling the MFP to be hacked remotely via an internet connection. Printers can therefore be prime targets of denial-of-service (DoS) attacks. Further, if data transmitted to a printer is unencrypted, hackers are potentially able to access this data.

Print reliance provokes security concerns

Asked to consider the importance of print 91% of respondents indicated it is important today (2018). This only drops to 87% when asked to consider the position in two years’ time (2020). There was some variation: 94% of public sector organisations believe print will still be important in 2020, whilst only 84% of industrial organisations say this will be the case; 93% of larger businesses agree, compared to 80% of smaller ones. In no country or sector did the figure drop below 80% either for today or in two years’ time.

At one level businesses recognise the ongoing need for print, but at another they reveal concerns about the risks associated with this dependence on print. When asked to consider the risks that may lead to security problems and data breaches in general, the print infrastructure ranks second behind public cloud services (Figure 1), with 66% ranking it in their top five risks compared to 69% for the latter. In professional services, finance and retail, print is the top concern; this is also the case in France and the USA. Whatever the reality of the risks, the perception that print is a security problem has always needed to be addressed and this will remain the case. However, whilst most are aware of the risks associated with print infrastructure, there is plenty of scope for increasing the confidence that these risks can be mitigated.

Public cloud services: 69%
Print infrastructure: 66%
Network: 62%
Mobile devices: 58%
Email: 57%
User end points: 55%
Data centres: 54%

Figure 1: Rating of IT risks that may lead to security breaches (% ranking as a top 5 concern)

Print security – maturity, confidence, concern and spending

To assess the impact of effective print security, or a lack of it, it helps to have a measure of print security maturity. Quocirca has designed a print security maturity index for use in this report, the elements of which are defined in appendix 2. The index considers seven factors: the proportion of overall IT security spending that goes on print security; the use of print security assessments; the use of pull printing; having a formal print security policy; secure mobile printing; third party testing of printing devices and printer firmware updates.

Print security maturity index scores were classed as follows (all scores out of 10):

- Print security leaders – score of 8 or more – at the forefront of addressing print security issues, they are often big users of print and suffer the most print-related security incidents. Leaders recognise the threats and the need to mitigate them.
- Print security followers – score between 5 and 8 – may or may not be major print users, aware of the problems, but only partially addressing them.
- Print security laggards – score of 5 or less – in some cases low level users of print and consequently suffered fewer print-related incidents. However, many are just complacent, ignoring the threat from print and likely to suffer the consequences.

Print security maturity varies by country, sector and the size of an organisation (Figure 2). The US has the most leaders, France the most laggards. Retail, which relies on in-store printing and paper dispatch notes for online sales, has the most leaders, finance the least, perhaps because as a sector it has done more to move away from printed communications. Larger organisations lead over smaller ones in line with the expected ongoing importance of print.

Figure 2: Quocirca’s Print Security Maturity Index (print security leaders, followers and laggards)

Whether leaders or laggards, what print-related risks should organisations be protecting themselves against? Concern about the risk of security breaches and data leaks is high (Figure 3). 73% say they are concerned or very concerned. The figure drops to 46% in Germany and was highest in the US.

Size
250-499 employees: 71%
500 or more employees: 73%

Sector
Retail: 78%
Public sector: 76%
Finance: 72%
Industrials: 71%
Prof services: 65%

Figure 3: Concerns about the risk of print security-related data breaches (% concerned or very concerned)

Despite the concern, there is not much confidence that print infrastructure is protected against security breaches and data leaks. Overall just 24% feel highly confident whilst 33% have a low level of confidence (Figure 4). Confidence was highest in the US and lowest in Germany; highest in retail and lowest in professional services. That Germany was lowest with both confidence and concern may just be indicative of conservative scoring by German respondents.

Figure 4: Print security confidence

One of the measures used to calculate the print security maturity index was the proportion of total IT security budget that was spent specifically on print security. The overall average is 11% (Figure 5). The figure is highest in the public sector (13%) and lowest in professional services (9%). Overall 77% say that absolute print security spend has increased in the last two years; the figure is consistent across most countries and sectors; only 6% say it has decreased.

Country
UK: 11%

Size
250-499: 11%
500 plus: 11%

Sector
Finance: 10%
Public sector: 13%
Industrials: 12%
Retail: 10%
Prof services: 9%

Figure 5: Annual print security spend as a % of IT security spending and print

Figure 6: Change in print security spend over the last two years (increased, stayed the same, decreased)

Maturity, confidence, concern and spending are not just down to perception about the risks to print infrastructure; some of it is down to the incidents experienced and how well they have been dealt with.

Print-related security incidents, data losses and consequences

Print-related IT security incidents are frequent and costly. Overall respondents estimate that 11% of all IT security incidents in the last 12 months have been print-related. This might sound high, however many will have taken into consideration printed information falling into the wrong hands as well as attacks on printers themselves. For the average organisation this amounts to nine incidents during the previous year. Both figures are highest in the USA (14% and 11 incidents) and in finance (15% and 11.5 incidents). In finance, this may be related to the sector’s magnetism for attackers viz. it suffers the most attacks overall and therefore the most on printers.

Print security maturity itself does not reduce the number of attacks on print (Figure 7). The most mature suffer the greatest number of incidents. So, print security maturity is more likely to be a response to the threat - an organisation more reliant on print takes security of the print environment more seriously. There are, of course, plenty of exceptions. Just because an organisation is more targeted and suffers more incidents, it does not mean it suffers more severe consequences, if it is mature enough to deal with them.

Figure 7: Print security incidents as a proportion of total security incidents by print security maturity (rows: Print security leaders (67), Print security followers (140), Print security laggards (43))

Overall, 59% say that in the past 12 months at least one print-related security incident has led to a data loss, rising to 70% in retail, 66% in finance and 64% in the USA (Figure 8).

Figure 8: Print-related data loss incidents the past 12 months

Retail has had a lot of well-publicised breaches of customer data in recent years. Dealing with these data losses is estimated to cost an average 313,000 per annum (Figure 9). This is higher in more regulated Europe (400,753) than in the USA (199,805).

Average cost of print related data loss
Total: 312,567
Europe: 400,753
US: 199,805

Figure 9: Average cost of a print related data loss (sample size 148 organisations that suffered a data loss)

The consequences are not just financial, but also include lost productivity, lost business and revenue (Figure 10). Business-critical processes, such as loan applications and those still using paper documents which need signatures, all rely on printing and can be impacted by print security incidents. Processes may have to be temporarily stopped if a data breach has occurred or the process has been sabotaged. On average it is reported to take 4.4 days to recover from an incident; the figure is highest in finance (5.8 days), which has the most print-related data incidents and losses to deal with.

% saying factor was a consequence of a print data loss
Reduced employee productivity: 40%
Business downtime: 39%
Lost revenue: 34%
Loss of customer confidence: 24%
Fines/legal costs: 24%
Loss of customers: 20%

Figure 10: Consequences of print-related data losses

Overall 24% of respondents say there have been fines and legal costs associated with data leaks. Not all such incidents attract the attention of regulators, but there is concern that they could.

Across the board there is one regulation which is being taken into consideration more than any other – the EU General Data Protection Regulation (GDPR). 40% take GDPR into account when planning print investments. This is even higher than average in the USA (42%), where many multinationals rely on European trade. Additionally, many expect GDPR to be a harbinger for more stringent data protection regulations worldwide.

Only in France is another regulation, the Institute of Electrical and Electronics Engineers security regulation IEEE 2600, considered more often (by 30%) than GDPR (just 20%) when making print investments.

Print security concerns, action and budget constraints

Effective print security requires an understanding of where the risks lie and how best to mitigate them. Asked about the perception of risk 70% worry about malware being implanted on print devices, making it the top concern by some way (Figure 11). This is followed by the related issues of hacks via printers and the compromise of printer access credentials, both selected by 60%. Perceived risks are less about printed information itself and more about print devices.

Implanted malware: 70%
External hacks via printers: 60%
User credentials for printers compromised: 60%
Vulnerabilities, printer firmware: 57%
External MPS providers data mishandling: 56%
Vulnerabilities, applications that access printers: 56%
Accidental actions of internal users: 55%
Admin credentials for printers compromised: 52%
Printed documents in output trays: 51%
Deliberate actions of internal users: 51%
Physical security of print devices: 46%

Figure 11: Concern with factors that may cause a print security inc
